Where is the data? Who has access to it? How is it being secured? These are the fundamental questions inherent in any third-party risk management program. And in this edition of CyberEd Magazine, Cris Ewell, CISO of UW Medicine, shares insights from his experience managing vendor risk. Ewell's single biggest message: Know where your data resides. "That is such a challenge for every CISO that I've ever met," Ewell says. "It doesn't matter what the organization type is or the vertical of the organization - understanding where 100 percent of your data is located is a difficult challenge."

Ewell spoke recently at two of ISMG's Summits, and there is a transcript of an interview with him in this latest edition of CyberEd Magazine. Also, please check out my interview with Microsoft's David Houlding about blockchain as a tool to reduce fraud. His message: "Look for opportunity to increase the business value of your blockchain initiative with anti-fraud."